N/A

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.

N/A

N/A

CzarNews远程文件包含漏洞

CzarNews 1.13b中存在PHP远程文件包含漏洞，远程攻击者可以通过传给(1)headlines.php或(2)news.php的参数来执行任意PHP代码。注：一些信息来源报告"dir"参数也受影响；然而，这可能是原始漏洞报告中错误章节中的剪切和粘贴错误。

N/A

N/A